2 Unix SMB/CIFS implementation.
4 Winbind cache backend functions
6 Copyright (C) Andrew Tridgell 2001
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define DBGC_CLASS DBGC_WINBIND
28 struct winbind_cache {
29 struct winbindd_methods *backend;
35 uint32 sequence_number;
40 #define WINBINDD_MAX_CACHE_SIZE (50*1024*1024)
42 static struct winbind_cache *wcache;
45 void wcache_flush_cache(void)
47 extern BOOL opt_nocache;
51 tdb_close(wcache->tdb);
54 if (opt_nocache) return;
56 wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 5000,
57 TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0600);
60 DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
64 void winbindd_check_cache_size(time_t t)
66 static time_t last_check_time;
69 if (last_check_time == (time_t)0)
72 if (t - last_check_time < 60 && t - last_check_time > 0)
75 if (wcache == NULL || wcache->tdb == NULL) {
76 DEBUG(0, ("Unable to check size of tdb cache - cache not open !\n"));
80 if (fstat(wcache->tdb->fd, &st) == -1) {
81 DEBUG(0, ("Unable to check size of tdb cache %s!\n", strerror(errno) ));
85 if (st.st_size > WINBINDD_MAX_CACHE_SIZE) {
86 DEBUG(10,("flushing cache due to size (%lu) > (%lu)\n",
87 (unsigned long)st.st_size,
88 (unsigned long)WINBINDD_MAX_CACHE_SIZE));
93 /* get the winbind_cache structure */
94 static struct winbind_cache *get_cache(struct winbindd_domain *domain)
96 extern struct winbindd_methods msrpc_methods;
97 struct winbind_cache *ret = wcache;
101 ret = smb_xmalloc(sizeof(*ret));
103 switch (lp_security()) {
106 extern struct winbindd_methods ads_methods;
107 ret->backend = &ads_methods;
112 ret->backend = &msrpc_methods;
116 wcache_flush_cache();
122 free a centry structure
124 static void centry_free(struct cache_entry *centry)
127 SAFE_FREE(centry->data);
133 pull a uint32 from a cache entry
135 static uint32 centry_uint32(struct cache_entry *centry)
138 if (centry->len - centry->ofs < 4) {
139 DEBUG(0,("centry corruption? needed 4 bytes, have %d\n",
140 centry->len - centry->ofs));
141 smb_panic("centry_uint32");
143 ret = IVAL(centry->data, centry->ofs);
149 pull a uint8 from a cache entry
151 static uint8 centry_uint8(struct cache_entry *centry)
154 if (centry->len - centry->ofs < 1) {
155 DEBUG(0,("centry corruption? needed 1 bytes, have %d\n",
156 centry->len - centry->ofs));
157 smb_panic("centry_uint32");
159 ret = CVAL(centry->data, centry->ofs);
164 /* pull a string from a cache entry, using the supplied
167 static char *centry_string(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
172 len = centry_uint8(centry);
175 /* a deliberate NULL string */
179 if (centry->len - centry->ofs < len) {
180 DEBUG(0,("centry corruption? needed %d bytes, have %d\n",
181 len, centry->len - centry->ofs));
182 smb_panic("centry_string");
185 ret = talloc(mem_ctx, len+1);
187 smb_panic("centry_string out of memory\n");
189 memcpy(ret,centry->data + centry->ofs, len);
195 /* the server is considered down if it can't give us a sequence number */
196 static BOOL wcache_server_down(struct winbindd_domain *domain)
198 if (!wcache->tdb) return False;
199 return (domain->sequence_number == DOM_SEQUENCE_NONE);
204 refresh the domain sequence number. If force is True
205 then always refresh it, no matter how recently we fetched it
207 static void refresh_sequence_number(struct winbindd_domain *domain, BOOL force)
211 unsigned cache_time = lp_winbind_cache_time();
213 /* trying to reconnect is expensive, don't do it too often */
214 if (domain->sequence_number == DOM_SEQUENCE_NONE) {
218 time_diff = time(NULL) - domain->last_seq_check;
220 /* see if we have to refetch the domain sequence number */
221 if (!force && (time_diff < cache_time)) {
225 status = wcache->backend->sequence_number(domain, &domain->sequence_number);
227 if (!NT_STATUS_IS_OK(status)) {
228 domain->sequence_number = DOM_SEQUENCE_NONE;
231 domain->last_seq_check = time(NULL);
235 decide if a cache entry has expired
237 static BOOL centry_expired(struct winbindd_domain *domain, struct cache_entry *centry)
239 /* if the server is OK and our cache entry came from when it was down then
240 the entry is invalid */
241 if (domain->sequence_number != DOM_SEQUENCE_NONE &&
242 centry->sequence_number == DOM_SEQUENCE_NONE) {
246 /* if the server is down or the cache entry is not older than the
247 current sequence number then it is OK */
248 if (wcache_server_down(domain) ||
249 centry->sequence_number == domain->sequence_number) {
258 fetch an entry from the cache, with a varargs key. auto-fetch the sequence
259 number and return status
261 static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
262 struct winbindd_domain *domain,
263 const char *format, ...)
268 struct cache_entry *centry;
271 refresh_sequence_number(domain, False);
273 va_start(ap, format);
274 smb_xvasprintf(&kstr, format, ap);
278 key.dsize = strlen(kstr);
279 data = tdb_fetch(wcache->tdb, key);
286 centry = smb_xmalloc(sizeof(*centry));
287 centry->data = data.dptr;
288 centry->len = data.dsize;
291 if (centry->len < 8) {
292 /* huh? corrupt cache? */
297 centry->status = NT_STATUS(centry_uint32(centry));
298 centry->sequence_number = centry_uint32(centry);
300 if (centry_expired(domain, centry)) {
301 extern BOOL opt_dual_daemon;
303 if (opt_dual_daemon) {
304 extern BOOL background_process;
305 background_process = True;
316 make sure we have at least len bytes available in a centry
318 static void centry_expand(struct cache_entry *centry, uint32 len)
321 if (centry->len - centry->ofs >= len) return;
323 p = realloc(centry->data, centry->len);
325 DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
326 smb_panic("out of memory in centry_expand");
332 push a uint32 into a centry
334 static void centry_put_uint32(struct cache_entry *centry, uint32 v)
336 centry_expand(centry, 4);
337 SIVAL(centry->data, centry->ofs, v);
342 push a uint8 into a centry
344 static void centry_put_uint8(struct cache_entry *centry, uint8 v)
346 centry_expand(centry, 1);
347 SCVAL(centry->data, centry->ofs, v);
352 push a string into a centry
354 static void centry_put_string(struct cache_entry *centry, const char *s)
359 /* null strings are marked as len 0xFFFF */
360 centry_put_uint8(centry, 0xFF);
365 /* can't handle more than 254 char strings. Truncating is probably best */
366 if (len > 254) len = 254;
367 centry_put_uint8(centry, len);
368 centry_expand(centry, len);
369 memcpy(centry->data + centry->ofs, s, len);
374 start a centry for output. When finished, call centry_end()
376 struct cache_entry *centry_start(struct winbindd_domain *domain, NTSTATUS status)
378 struct cache_entry *centry;
380 if (!wcache->tdb) return NULL;
382 centry = smb_xmalloc(sizeof(*centry));
384 centry->len = 8192; /* reasonable default */
385 centry->data = smb_xmalloc(centry->len);
387 centry->sequence_number = domain->sequence_number;
388 centry_put_uint32(centry, NT_STATUS_V(status));
389 centry_put_uint32(centry, centry->sequence_number);
394 finish a centry and write it to the tdb
396 static void centry_end(struct cache_entry *centry, const char *format, ...)
402 va_start(ap, format);
403 smb_xvasprintf(&kstr, format, ap);
407 key.dsize = strlen(kstr);
408 data.dptr = centry->data;
409 data.dsize = centry->ofs;
411 tdb_store(wcache->tdb, key, data, TDB_REPLACE);
415 /* form a sid from the domain plus rid */
416 static DOM_SID *form_sid(struct winbindd_domain *domain, uint32 rid)
419 sid_copy(&sid, &domain->sid);
420 sid_append_rid(&sid, rid);
424 static void wcache_save_name_to_sid(struct winbindd_domain *domain, NTSTATUS status,
425 const char *name, DOM_SID *sid, enum SID_NAME_USE type)
427 struct cache_entry *centry;
431 centry = centry_start(domain, status);
434 centry_expand(centry, len);
435 centry_put_uint32(centry, type);
436 sid_linearize(centry->data + centry->ofs, len, sid);
438 fstrcpy(uname, name);
440 centry_end(centry, "NS/%s/%s", domain->name, uname);
444 static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS status,
445 DOM_SID *sid, const char *name, enum SID_NAME_USE type, uint32 rid)
447 struct cache_entry *centry;
449 centry = centry_start(domain, status);
451 if (NT_STATUS_IS_OK(status)) {
452 centry_put_uint32(centry, type);
453 centry_put_string(centry, name);
455 centry_end(centry, "SN/%s/%d", domain->name, rid);
460 static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WINBIND_USERINFO *info)
462 struct cache_entry *centry;
464 centry = centry_start(domain, status);
466 centry_put_string(centry, info->acct_name);
467 centry_put_string(centry, info->full_name);
468 centry_put_uint32(centry, info->user_rid);
469 centry_put_uint32(centry, info->group_rid);
470 centry_end(centry, "U/%s/%d", domain->name, info->user_rid);
475 /* Query display info. This is the basic user list fn */
476 static NTSTATUS query_user_list(struct winbindd_domain *domain,
479 WINBIND_USERINFO **info)
481 struct winbind_cache *cache = get_cache(domain);
482 struct cache_entry *centry = NULL;
486 if (!cache->tdb) goto do_query;
488 centry = wcache_fetch(cache, domain, "UL/%s", domain->name);
489 if (!centry) goto do_query;
491 *num_entries = centry_uint32(centry);
493 if (*num_entries == 0) goto do_cached;
495 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
496 if (! (*info)) smb_panic("query_user_list out of memory");
497 for (i=0; i<(*num_entries); i++) {
498 (*info)[i].acct_name = centry_string(centry, mem_ctx);
499 (*info)[i].full_name = centry_string(centry, mem_ctx);
500 (*info)[i].user_rid = centry_uint32(centry);
501 (*info)[i].group_rid = centry_uint32(centry);
505 status = centry->status;
513 if (wcache_server_down(domain)) {
514 return NT_STATUS_SERVER_DISABLED;
517 status = cache->backend->query_user_list(domain, mem_ctx, num_entries, info);
520 refresh_sequence_number(domain, True);
521 centry = centry_start(domain, status);
522 if (!centry) goto skip_save;
523 centry_put_uint32(centry, *num_entries);
524 for (i=0; i<(*num_entries); i++) {
525 centry_put_string(centry, (*info)[i].acct_name);
526 centry_put_string(centry, (*info)[i].full_name);
527 centry_put_uint32(centry, (*info)[i].user_rid);
528 centry_put_uint32(centry, (*info)[i].group_rid);
529 if (cache->backend->consistent) {
530 /* when the backend is consistent we can pre-prime some mappings */
531 wcache_save_name_to_sid(domain, NT_STATUS_OK,
532 (*info)[i].acct_name,
533 form_sid(domain, (*info)[i].user_rid),
535 wcache_save_sid_to_name(domain, NT_STATUS_OK,
536 form_sid(domain, (*info)[i].user_rid),
537 (*info)[i].acct_name,
538 SID_NAME_USER, (*info)[i].user_rid);
539 wcache_save_user(domain, NT_STATUS_OK, &(*info)[i]);
542 centry_end(centry, "UL/%s", domain->name);
549 /* list all domain groups */
550 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
553 struct acct_info **info)
555 struct winbind_cache *cache = get_cache(domain);
556 struct cache_entry *centry = NULL;
560 if (!cache->tdb) goto do_query;
562 centry = wcache_fetch(cache, domain, "GL/%s/domain", domain->name);
563 if (!centry) goto do_query;
565 *num_entries = centry_uint32(centry);
567 if (*num_entries == 0) goto do_cached;
569 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
570 if (! (*info)) smb_panic("enum_dom_groups out of memory");
571 for (i=0; i<(*num_entries); i++) {
572 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
573 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
574 (*info)[i].rid = centry_uint32(centry);
578 status = centry->status;
586 if (wcache_server_down(domain)) {
587 return NT_STATUS_SERVER_DISABLED;
590 status = cache->backend->enum_dom_groups(domain, mem_ctx, num_entries, info);
593 refresh_sequence_number(domain, True);
594 centry = centry_start(domain, status);
595 if (!centry) goto skip_save;
596 centry_put_uint32(centry, *num_entries);
597 for (i=0; i<(*num_entries); i++) {
598 centry_put_string(centry, (*info)[i].acct_name);
599 centry_put_string(centry, (*info)[i].acct_desc);
600 centry_put_uint32(centry, (*info)[i].rid);
602 centry_end(centry, "GL/%s/domain", domain->name);
609 /* list all domain groups */
610 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
613 struct acct_info **info)
615 struct winbind_cache *cache = get_cache(domain);
616 struct cache_entry *centry = NULL;
620 if (!cache->tdb) goto do_query;
622 centry = wcache_fetch(cache, domain, "GL/%s/local", domain->name);
623 if (!centry) goto do_query;
625 *num_entries = centry_uint32(centry);
627 if (*num_entries == 0) goto do_cached;
629 (*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
630 if (! (*info)) smb_panic("enum_dom_groups out of memory");
631 for (i=0; i<(*num_entries); i++) {
632 fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
633 fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
634 (*info)[i].rid = centry_uint32(centry);
639 /* If we are returning cached data and the domain controller
640 is down then we don't know whether the data is up to date
641 or not. Return NT_STATUS_MORE_PROCESSING_REQUIRED to
644 if (wcache_server_down(domain)) {
645 DEBUG(10, ("query_user_list: returning cached user list and server was down\n"));
646 status = NT_STATUS_MORE_PROCESSING_REQUIRED;
648 status = centry->status;
657 if (wcache_server_down(domain)) {
658 return NT_STATUS_SERVER_DISABLED;
661 status = cache->backend->enum_local_groups(domain, mem_ctx, num_entries, info);
664 refresh_sequence_number(domain, True);
665 centry = centry_start(domain, status);
666 if (!centry) goto skip_save;
667 centry_put_uint32(centry, *num_entries);
668 for (i=0; i<(*num_entries); i++) {
669 centry_put_string(centry, (*info)[i].acct_name);
670 centry_put_string(centry, (*info)[i].acct_desc);
671 centry_put_uint32(centry, (*info)[i].rid);
673 centry_end(centry, "GL/%s/local", domain->name);
680 /* convert a single name to a sid in a domain */
681 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
684 enum SID_NAME_USE *type)
686 struct winbind_cache *cache = get_cache(domain);
687 struct cache_entry *centry = NULL;
691 if (!cache->tdb) goto do_query;
693 fstrcpy(uname, name);
695 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain->name, uname);
696 if (!centry) goto do_query;
697 *type = centry_uint32(centry);
698 sid_parse(centry->data + centry->ofs, centry->len - centry->ofs, sid);
700 status = centry->status;
707 if (wcache_server_down(domain)) {
708 return NT_STATUS_SERVER_DISABLED;
710 status = cache->backend->name_to_sid(domain, name, sid, type);
713 wcache_save_name_to_sid(domain, status, name, sid, *type);
715 /* We can't save the sid to name mapping as we don't know the
716 correct case of the name without looking it up */
721 /* convert a sid to a user or group name. The sid is guaranteed to be in the domain
723 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
727 enum SID_NAME_USE *type)
729 struct winbind_cache *cache = get_cache(domain);
730 struct cache_entry *centry = NULL;
734 if (!sid_peek_check_rid(&domain->sid, sid, &rid))
735 return NT_STATUS_INVALID_PARAMETER;
737 if (!cache->tdb) goto do_query;
739 centry = wcache_fetch(cache, domain, "SN/%s/%d", domain->name, rid);
740 if (!centry) goto do_query;
741 if (NT_STATUS_IS_OK(centry->status)) {
742 *type = centry_uint32(centry);
743 *name = centry_string(centry, mem_ctx);
745 status = centry->status;
752 if (wcache_server_down(domain)) {
753 return NT_STATUS_SERVER_DISABLED;
755 status = cache->backend->sid_to_name(domain, mem_ctx, sid, name, type);
758 refresh_sequence_number(domain, True);
759 wcache_save_sid_to_name(domain, status, sid, *name, *type, rid);
760 wcache_save_name_to_sid(domain, status, *name, sid, *type);
766 /* Lookup user information from a rid */
767 static NTSTATUS query_user(struct winbindd_domain *domain,
770 WINBIND_USERINFO *info)
772 struct winbind_cache *cache = get_cache(domain);
773 struct cache_entry *centry = NULL;
776 if (!cache->tdb) goto do_query;
778 centry = wcache_fetch(cache, domain, "U/%s/%d", domain->name, user_rid);
779 if (!centry) goto do_query;
781 info->acct_name = centry_string(centry, mem_ctx);
782 info->full_name = centry_string(centry, mem_ctx);
783 info->user_rid = centry_uint32(centry);
784 info->group_rid = centry_uint32(centry);
785 status = centry->status;
792 if (wcache_server_down(domain)) {
793 return NT_STATUS_SERVER_DISABLED;
796 status = cache->backend->query_user(domain, mem_ctx, user_rid, info);
799 refresh_sequence_number(domain, True);
800 wcache_save_user(domain, status, info);
806 /* Lookup groups a user is a member of. */
807 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
810 uint32 *num_groups, uint32 **user_gids)
812 struct winbind_cache *cache = get_cache(domain);
813 struct cache_entry *centry = NULL;
817 if (!cache->tdb) goto do_query;
819 centry = wcache_fetch(cache, domain, "UG/%s/%d", domain->name, user_rid);
820 if (!centry) goto do_query;
822 *num_groups = centry_uint32(centry);
824 if (*num_groups == 0) goto do_cached;
826 (*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
827 if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
828 for (i=0; i<(*num_groups); i++) {
829 (*user_gids)[i] = centry_uint32(centry);
833 status = centry->status;
841 if (wcache_server_down(domain)) {
842 return NT_STATUS_SERVER_DISABLED;
844 status = cache->backend->lookup_usergroups(domain, mem_ctx, user_rid, num_groups, user_gids);
847 refresh_sequence_number(domain, True);
848 centry = centry_start(domain, status);
849 if (!centry) goto skip_save;
850 centry_put_uint32(centry, *num_groups);
851 for (i=0; i<(*num_groups); i++) {
852 centry_put_uint32(centry, (*user_gids)[i]);
854 centry_end(centry, "UG/%s/%d", domain->name, user_rid);
862 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
864 uint32 group_rid, uint32 *num_names,
865 uint32 **rid_mem, char ***names,
868 struct winbind_cache *cache = get_cache(domain);
869 struct cache_entry *centry = NULL;
873 if (!cache->tdb) goto do_query;
875 centry = wcache_fetch(cache, domain, "GM/%s/%d", domain->name, group_rid);
876 if (!centry) goto do_query;
878 *num_names = centry_uint32(centry);
880 if (*num_names == 0) goto do_cached;
882 (*rid_mem) = talloc(mem_ctx, sizeof(**rid_mem) * (*num_names));
883 (*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
884 (*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
886 if (! (*rid_mem) || ! (*names) || ! (*name_types)) {
887 smb_panic("lookup_groupmem out of memory");
890 for (i=0; i<(*num_names); i++) {
891 (*rid_mem)[i] = centry_uint32(centry);
892 (*names)[i] = centry_string(centry, mem_ctx);
893 (*name_types)[i] = centry_uint32(centry);
897 status = centry->status;
905 (*name_types) = NULL;
908 if (wcache_server_down(domain)) {
909 return NT_STATUS_SERVER_DISABLED;
911 status = cache->backend->lookup_groupmem(domain, mem_ctx, group_rid, num_names,
912 rid_mem, names, name_types);
915 refresh_sequence_number(domain, True);
916 centry = centry_start(domain, status);
917 if (!centry) goto skip_save;
918 centry_put_uint32(centry, *num_names);
919 for (i=0; i<(*num_names); i++) {
920 centry_put_uint32(centry, (*rid_mem)[i]);
921 centry_put_string(centry, (*names)[i]);
922 centry_put_uint32(centry, (*name_types)[i]);
924 centry_end(centry, "GM/%s/%d", domain->name, group_rid);
931 /* find the sequence number for a domain */
932 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
934 refresh_sequence_number(domain, False);
936 *seq = domain->sequence_number;
941 /* enumerate trusted domains */
942 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
949 struct winbind_cache *cache = get_cache(domain);
951 /* we don't cache this call */
952 return cache->backend->trusted_domains(domain, mem_ctx, num_domains,
953 names, alt_names, dom_sids);
956 /* find the domain sid */
957 static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
959 struct winbind_cache *cache = get_cache(domain);
961 /* we don't cache this call */
962 return cache->backend->domain_sid(domain, sid);
965 /* find the alternate names for the domain, if any */
966 static NTSTATUS alternate_name(struct winbindd_domain *domain)
968 struct winbind_cache *cache = get_cache(domain);
970 /* we don't cache this call */
971 return cache->backend->alternate_name(domain);
974 /* the ADS backend methods are exposed via this structure */
975 struct winbindd_methods cache_methods = {
git.samba.org / ira / wip.git / blob